Conversation

Quite insane how Android both has the system firmware and the OS combined _and_ doesn't have the possibility of reflashing via bootrom for a lot of devices.

Quote Tweet

flawedworld

@flawedworlddev

Aug 16

A warning to AOSP devs on 6th generation Pixels, ensure you flash Android 13 to both slots, because if A13 fails to boot and falls back to A12 bootloader, your phone will be perma-bricked. RIP Pixel 6.

Show this thread

Replying to

Pixels disable that for security hardening but in the past they only used firmware downgrade protection for the secure element and didn't bother using it to protect against firmware-based verified boot bypasses. It's a new thing that they're upgrading firmware rollback version.

Replying to

and

Android 13 on 6th gen Pixels depends on having upgraded firmware, so there isn't much choice if you want to use or work on an Android 13 based OS. It's possible the Android 13 firmware still supports Android 12 but an Android 12 OS ships Android 12 firmware which can't be used.

Replying to

Isn't that fuse blown in HLOS after bootup? As far as I can see - you might be able to avoid blowing it if you're careful.

Replying to

Yes, it will only happen once it reaches the lockscreen, disables automatic rollback and then updates the OS vbmeta rollback indexes in the secure element. They added extra code to update the SoC firmware boot chain rollback index there too. OS ones can be reset when unlocked.

Replying to

and

Rollback can happen until very late in the boot process on devices using f2fs with the checkpoint disable feature including Pixels. They mount data with checkpointing disabled so they can still roll back after mounting data despite migrating arbitrary stuff to the new OS version.

9:55 AM · Aug 16, 2022Twitter Web App

Replying to

and

The progress bar displayed when you reach the lockscreen / home screen is the final part of the process where it locks in the new version. You can actually manage to open an app before it has finished disabling rollback. If you reboot before that's done it rolls back the update.

Replying to

and

We're going to temporarily do github.com/GrapheneOS/dev while we're working on porting GrapheneOS to Android 13. It's unfortunate we don't have early access to new major releases because we would be nearly done already. Some of our early porting was done via reverse engineering...

github.com

[temporary] Revert "BootControl: blow AR on boot complete" · GrapheneOS/device_google_gs101@1b73448

This reverts commit 9ecd004e6bf34260c17c39bb29d0a718fa01cd1f.